Brainstormforce Spectra — known CVE vulnerabilities
Every CVE whose affected-product data names Brainstormforce Spectra, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2023-36679 — CVSS 7.1 (high): Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.
CVE-2024-7590 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra…
CVE-2023-49833 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra –…
CVE-2024-10484 — CVSS 6.4 (medium): The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget…
CVE-2024-1814 — CVSS 6.4 (medium): The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial…
CVE-2024-4366 — CVSS 6.4 (medium): The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’…
CVE-2024-1815 — CVSS 6.4 (medium): The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery…
CVE-2023-6486 — CVSS 6.4 (medium): The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in…
CVE-2020-36702 — CVSS 5.5 (medium): The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including…
CVE-2020-36656 — CVSS 5.4 (medium): The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to…
CVE-2023-36676 — CVSS 5.4 (medium): Missing Authorization vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.
CVE-2023-23730 — CVSS 5.3 (medium): Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.This issue…
CVE-2023-23738 — CVSS 5.3 (medium): Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force…
CVE-2023-23735 — CVSS 5.3 (medium): Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code…
CVE-2024-3107 — CVSS 4.3 (medium): The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6…
CVE-2024-37517 — CVSS 4.3 (medium): Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security…
CVE-2023-23834 — CVSS 4.3 (medium): Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security…
CVE-2023-23825 — CVSS 3.1 (low): Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security…